Vulnerability in Linux Kernel 3.10.x Allows Memory Access Fault and System Halt

Vulnerability in Linux Kernel 3.10.x Allows Memory Access Fault and System Halt

CVE-2018-16885 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.